Remarks 

This listing of claims will replace all prior versions and listings of claims in the 
application. No claims are added or cancelled in this response. Therefore claims 1, 4-7, 
9, 10, 13-16, 19, 20, 24-26, 39-43, 46, 48-50, 52, and 53 are pending. Applicants 
respectfully request reconsideration of claims in view of the amendments. 

Claim Objections 

Examiner objects to claim 48 because of informalities. Applicants make 
appropriate correction to claim 48. Accordingly, Applicants respectfully request the 
Examiner to withdraw the claim objection. 

Rejection Under 35 U.S.C. § 103(a) 

• Examiner rejects claims 1, 4-6, 39-42, and 46 under 35 U.S.C. § 103(a) for allegedly 
being unpatentable over U.S. Patent No. 6,732,176 of Stewart (hereinafter "Stewart") 
in view of U.S. Patent No. 7,493,755 of Genty (hereinafter "Genty") and U.S. Patent 
No. 7,194,554 of Short (hereinafter "Short"). Office Action, p. 3. item 4 . 

• Examiner rejects claims 7 and 43 under 35 U.S.C. § 103(a) as being unpatentable 
over Stewart in view of Genty and Short, further in view of Funk Software, 
"Comprehensive RADIUS/AAA Solution for the global Enterprise", February 22, 
2003, pages 1-6 (hereinafter "Funk"). Office Action, p. 9, item 5 . 

• Examiner rejects claim 48 under 35 U.S.C. § 103(a) as being unpatentable over 
Stewart in view of Genty and Short, further in view of U.S. Patent Application 
Publication No. 2002/0055924 of Liming (hereinafter "Liming"). Office Action, p. 
10, item 6 . 

• Examiner rejects claims 9, 10, 13-16, 19, 24, and 52-53 under 35 U.S.C. § 103(a) as 
being unpatentable over Stewart in view of Genty and Short, further in view of U.S. 
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Patent Application Publication No. 2005/0149443 of Torvinen (hereinafter 
"Torvinen"). Office Action, p. 11, item 7 . 



• Examiner rejects claim 20 under 35 U.S.C. § 103(a) as being unpatentable over 
Stewart in view of Genty, Short and Torvinen, further in view of U.S. Patent 
Application Publication No. 2004/0255154 of Kwan (hereinafter "Kwan"). According 
to the Examiner, Office Action, p. 18, item 8 . 

• Examiner rejects claims 25 and 26 under 35 U.S.C. § 103(a) as being unpatentable 
over Stewart in view of Genty, Short and Torvinen, further in view of Funk. Office 
Action, p. 19, item 9 . 

• Examiner rejects claim 49 under 35 U.S.C. § 103(a) as being unpatentable over 
Stewart in view of Genty, Short, and Torvinen, and further in view of Liming. Office 
Action, p. 20, item 10 . 

• Examiner rejects claim 50 under 35 U.S.C. § 103(a) as being unpatentable over 
Stewart in view of Genty, Short ,and Torvinen, and further in view of U.S. Patent 
Application Publication No. 2001/0045451 of Tan (hereinafter "Tan"). Office 
Action, p. 21, item 11 . 

Examiner rejects all pending claims in view of eight references. Applicants 
contend that all elements of amended claim 1, which is reproduced below, are still not 
disclosed by the cited references even with any combination of the eight references. 
M.P.E.P. § 2145, Part V . Independent claims 10 and 39 recite similar limitations as 
claim 1. 
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Claim 1 as amended recites the following: 



A method of controlling access to a network, the method comprising: 
configuring an authentication server to include a first location 
information corresponding to a combination of identities of a user 
station and of a mobile client, the first location information being a 
location at which the mobile client is permitted to connect to the network, 
wherein the authentication server is coupled to the network 
and comprises a Remote Authentication Dial-In User Service 
(RADIUS) server having RADIUS attributes, and 

wherein the first location information is included within 
a RADIUS vendor specific attribute (VSA) of the RADIUS 
attributes; 

requesting by a network switch the combination of identities of 
the user station and of the mobile client attempting to connect to the 
network; 

receiving, by the authentication server, the combination of 
identities of the user station and of the mobile client via the network 
switch; 

associating, by the network switch, a second location information 
corresponding to the mobile client with the combination of identities of 
the user station and of the mobile client, wherein the second location 
information indicates a location of the network switch coupled to the 
network to which the mobile client is attempting to connect; 

authenticating, by the authentication server, the combination of 
identities of the user station and of the mobile client received by the 
authentication server; 

comparing, by the authentication server, the second location 
information corresponding to the mobile client against the first 
location information from the VSA; 

deciding, by the authentication server, whether to grant or deny 
access to the network for the mobile client in response to authenticating 
the combination of the identities of the user station and of the mobile 
client, wherein the deciding is in response to comparing the second 
location information against the first location information; and 

informing the network switch by the authentication server whether 
to grant or deny access to the network for the mobile client. 

The claim amendments are supported by the Specification. See, for example, 
Application Specification, p. 9, lines 12 to 14; p. 10, lines 1-9 . 
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"All words in a claim must be considered in judging the patentability of that 
claim against the prior art." In re Wilson, 424 F.2d 1382, 1385, 165 USPQ 494, 496 
(CCPA 1970). M.P.E.P. § 2143.03 (emphasis added) . 



Examiner admits that Stewart does not disclose that the authentication server is 
coupled to the network and comprises a RADUIS server. Office Action, p. 5 . Examiner 
further admits that Stewart does not disclose that the first location information is included 
within a RADIUS vendor specific attribute (VSA) of the RADIUS attributes. Id. To 
cure these deficiencies, Examiner relies on Genty and Short. Id. 

Regarding Genty, Examiner implicitly admits the Genty does not disclose that the 
first location information is included within a RADIUS vendor specific attribute (VSA) 
of the RADIUS attributes. To cure that specific deficiency, Examiner relies on Short. Id. 

Applicants contend that neither Genty nor Short, alone or in combination, cure the 
deficiencies of Stewart for at least the following reasons. 

Genty allegedly discloses a user registry for a network access authentication 
server such as a RADIUS server, which is configured to hold a user's private key and the 
users public key certificate. Genty, Col. 3, lines 11-13 "Summary of the Invention. " 
The section of Genty cited by the Examiner (Col. 12, lines 30-44), however, does not 
disclose that the first location information is included within a RADIUS vendor specific 
attribute (VSA) of the RADIUS attributes as recited by claim 1 . Instead, the cited section 
of Genty states: 

Assuming that the user requires access to the grid, the network 
access authentication server generates a proxy certificate (step 406) in a 
manner similar to that described above; the proxy certificate contains 
some information that has been copied from the user's public key 
certificate, e.g., the "Subject" identifier, and the proxy certificate is 
digitally signed with the user's private key. The network access 
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authentication server then returns the proxy certificate along with the 
network access parameters (step 408), thereby concluding the integrated 
authentication process. For example, a RADIUS server with extended 
functionality, such as the grid proxy certificate generator function as 
shown in FIG. 2B, is able to return the proxy certificate within 
vendor-specific attributes (VSA) that allow vendors to support 
extended attributes within the RADIUS protocol, (emphasis added) 

The above disclosure of Genty only discloses that the grid proxy certificate 
generator function as shown in FIG. 2B of Genty, is able to return the proxy certificate 
within vendor-specific attributes (VSA) that allow vendors to support extended attributes 
within the RADIUS protocol. This grid proxy certificate is not the first location 
information which is included within the VSA. Instead, the grid proxy certificate of 
Genty contains some information that has been copied from the user's public key 
certificate, e.g., the "Subject" identifier, and the proxy certificate is digitally signed with 
the user's private key. The "Subject" identifier of Genty is not the first location 
information which is included within a VSA. 

Claim 1 specifically recites that the first location information is included within a 
RADIUS vendor specific attribute (VSA) of the RADIUS attributes and Examiner is 
respectfully requested to follow M.P.E.P. § 2143.03 — "All words in a claim must be 
considered in judging the patentability of that claim against the prior art." Simply 
because some information (a grid proxy certificate of Genty) is associated with the VSA 
of RADIUS of Genty, does not mean that the specific information of the first location is 
included in the VSA attribute of RADIUS attributes as recited by claim 1. Furthermore, 
Genty provides no motivation or suggestion that the VSA of its RADIUS server is 
configured to hold the specific information of the first location at which the mobile client 
is permitted to connect to the network as recited by claim 1. 

Applicants further contend that Short does not cure the above deficiency of 
Genty. Short allegedly discloses systems and method for selectably controlling and 
customizing source access to a network. Short, Abstract . The cited sections of Short do 
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not disclose that the first location information is included within a RADIUS vendor 
specific attribute (VSA) of the RADIUS attributes as recited by claim 1. Indeed, the term 
"VSA" or "vendor" does not even appear anywhere in Short. Without any disclosure of 
the term "VSA" in Short, Short falls short of any ability to render the above limitation 
obvious. 

As mentioned above, Genty's use of the VSA with a grid proxy certificate has 
nothing to do with including the first location at which the mobile client is permitted to 
connect to the network. Accordingly, the alleged VSA of Genty cannot be used to store 
the alleged source profile of Short. In the absence of any VSA usage model in Short, 
there is simply no suggestion or motivation to place any location information from the 
alleged source profile of Short to a non-disclosed VSA of the RADIUS server of Short. 

Nevertheless, to further prosecution of this matter, Applicants amend the identity 
to be authenticated in claim 1 to be a combination of identities of a user station and of the 
mobile client. Such combination of identities is not disclosed by any of the references. 
The cited references at best disclose a single identity which is the identity of the to-be 
authenticated user. Based on the above limitation, claim 1 is not obvious by Stewart, 
Genty, and Short. Independent claims 10 and 39 recite similar limitations as claim 1. 
The remaining claims depend from independent claims 1, 10, and 39 and include all 
limitations of their respective independent claims. 

"If an independent claim is nonobvious under 35 U.S.C. 103, then any claim 
depending therefrom is nonobvious. In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. 
Cir. 1988)." M.P.E.P. § 2143.03 . 

Accordingly, Applicants respectfully request reconsideration of all pending 

claims. 
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The remaining references are cited for dependent claims. Applicants contend that 
the remaining references do not cure the above deficiencies of Stewart, Genty, and Short. 

Funk allegedly discloses a RADIUS/AAA server ( Funk, p.l ), however, it does not 
disclose that the first location information is included within a RADIUS vendor specific 
attribute (VSA) of the RADIUS attributes as recited by claim 1. Furthermore, Funk does 
not disclose the identity to be authenticated is a combination of identities of the user 
station and of the mobile client. 

Liming allegedly discloses a software and hardware architecture operating across 
a local or wide area network providing an integral spatial location context. Liming, 
Abstract . Examiner admits in the previous Office Action that Liming does not disclose a 
RADIUS server. Final Office Action, pp. 11-12 (mailed 05/25/2010) . This means that 
Liming cannot disclose that the first location information is included within a RADIUS 
vendor specific attribute (VSA) of the RADIUS attributes as recited by claim 1. 
Furthermore nothing in Liming suggests that the identity to be authenticated is a 
combination of identities of the user station and of the mobile client. 

Torvinen allegedly discloses a method and system to allow management of 
restricted group access based upon credentials associated with network terminals. 
Torvinen, Abstract . However, Torvinen does not disclose that the first location 
information is included within a RADIUS vendor specific attribute (VSA) of the 
RADIUS attributes. Furthermore, Torvinen does not disclose the identity to be 
authenticated is a combination of identities of the user station and of the mobile client. 

Kwan allegedly discloses "a multiple key, multiple tiered network security 
system, method and apparatus [that] provides at least three levels of security." Kwan 
Abstract . Kwan allegedly discloses an authentication sever 106 that comprises a server 
that uses the RADIUS for performing user authentication. Id. at par. |"00331 . However, 
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Kwan does not disclose that the first location information is included within a RADIUS 
vendor specific attribute (VSA) of the RADIUS attributes. Furthermore, Kwan does not 
disclose the identity to be authenticated is a combination of identities of the user station 
and of the mobile client. 

Tan allegedly discloses a "method and system for token based user access 
authentication [that] enables secure user access to a web server using a token, such as a 
smart card, and [that] provides a single sing-on mechanism which does not employ a user 
name and password in the log on process." Tan, Abstract . However, Tan does not 
disclose that the first location information is included within a RADIUS vendor specific 
attribute (VSA) of the RADIUS attributes. Furthermore, Tan does not disclose the 
identity to be authenticated is a combination of identities of the user station and of the 
mobile client. 

Based on the above arguments, claim 1 is not obvious by the cited references. 
Independent claims 10 and 39 recite similar limitations as claim 1. The remaining claims 
depend from independent claims 1, 10, and 39 and include all limitations of their 
respective independent claims. M.P.E.P. § 2143.03 . 

Applicants respectfully request reconsideration of all pending claims and 
respectfully request the Examiner to allow all pending claims based on the amendments 
and arguments. 
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Conclusion 



Applicants submit that they have overcome Examiner's objections to and rejections 
of the claims and that they have the right to claim the invention as listed in the listing of 
claims. Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 

Pursuant to 37 C.F.R. § 1.136(a)(3), Applicants request and authorize the U.S. 
Patent and Trademark Office to (1) treat any concurrent or future reply that requires a 
petition for extension of time as incorporating a petition for extension of time for the 
appropriate length of time and (2) charge all required fees, including extension of time 
fees and fees under 37 C.F.R. § 1.16 and § 1.17, to Deposit Account No. 02-2666. 



Respectfully submitted, 
Blakely, Sokoloff, Taylor & Zafman, LLP 



January 19, 2011 
Date 



Usman A. Mughal 
Reg. No. 62,887 
Attorney for Applicants 



/Usman A. Mughal/ 



1279 Oakmead Parkway 
Sunnyvale, CA 94085-4040 
(503) 439-8778 



I hcrcb\ col li I \ [hat this correspondence is bci ny su Inn i lied electronical!) \ ia IIS Weh on the date shown below. 



Dale: January 19. 2011 



/Katherine R. Campbell/ 
Katherine R. Campbell 
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